Can you point me to any documentation?

On Wednesday, 13 August 2014 04:52:00 UTC-5, Remco Boerma wrote:
>
> Thanks Massimo,
>
> Well, with CORS it depends. I used these to get CORS working with IE11
> and Chrome (latest):
>
> response.headers['Access-Control-Allow-Origin']
> response.headers['Access-Control-Allow-Methods']
> response.headers['Access-Control-Allow-Headers']
>
> Maybe something more dynamic like
> auth.cas_allowed_headers_on_redirect = ['Acces-Co...',...]
>
> though it would require more tuning and more work and less out of the box
> functionality.
>
> From what I have seen it needs these headers on every contact with the
> requesting browser, since the entire process is done using ajax that means
> all redirects would probably apply. And if not, probably you'll want to
> set up a structure to allow CORS on those redirects anyway.
> If you really need to know which redirects are used in my situation (I
> don't use the form based authentication obviously, so that might save me a
> few redirects) I can debug the lot and see what I can come up with.
>
> With kind regards.
>
> On Wednesday, 13 August 2014 07:29:43 UTC+2, Massimo Di Pierro wrote:
>>
>> Looking into this but I need your help. We cannot preserve all the
>> headers because some of them may contain sensitive information that should
>> not be sent cross domain (for example session cookies). So the question is,
>> which headers should be preserved by which redirects:
>>
>> There are two redirects in gluon/contrib/login_methods/cas_auth.py
>>
>> There are two redirects in gluon/tools.py in Auth allow_access.
>>
>> Do you know which ones need the headers? Which headers?
>>
>> On Tuesday, 12 August 2014 03:05:27 UTC-5, Remco Boerma wrote:
>>>
>>> Thanks Massimo,
>>>
>>> Concerning https://code.google.com/p/web2py/issues/detail?id=1961&can=1
>>>
>>> The CAS structure uses redirect() internally. Can you update the call in
>>> the CAS code to send the request.headers? That's why I proposed a change on
>>> all redirect calls. This allows the CAS to be CORS compliant if the user
>>> provides the proper headers on the controller level
>>>
>>> With kind regards.
>>>
>>> Remco
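The constraint discussed in the thread (carry the CORS headers across a redirect without carrying session cookies) can be met with an allowlist. The sketch below is an added example, not code from web2py or from either poster. The function name, the trusted-origin set and the sample headers are hypothetical, and it assumes that only exact, pre-approved origins should ever be echoed back.

```python
# Added example; function and variable names are hypothetical, not web2py API.
CORS_REDIRECT_HEADERS = (
    "Access-Control-Allow-Origin",
    "Access-Control-Allow-Methods",
    "Access-Control-Allow-Headers",
)


def headers_for_redirect(response_headers, request_origin, trusted_origins):
    """Pick the headers that may accompany a redirect response.

    Only the three CORS headers named in the thread are considered, so
    Set-Cookie and anything else sensitive is dropped by default.
    """
    canonical = {name.lower(): name for name in CORS_REDIRECT_HEADERS}
    kept = {}
    for name, value in response_headers.items():
        key = canonical.get(name.lower())
        if key is None:
            continue  # not on the allowlist: never copied to the redirect
        if "\r" in value or "\n" in value:
            continue  # a value with line breaks could inject extra headers
        kept[key] = value

    # The controller opts in by setting Allow-Origin; without it, send nothing.
    if "Access-Control-Allow-Origin" not in kept:
        return {}
    # Assumption: only exact, pre-approved origins are honoured, never "*".
    if request_origin not in trusted_origins:
        return {}
    kept["Access-Control-Allow-Origin"] = request_origin
    kept["Vary"] = "Origin"  # keep caches from reusing it for another origin
    return kept


# Constructed sample: what a controller might have set before the redirect.
SAMPLE_RESPONSE_HEADERS = {
    "access-control-allow-origin": "https://app.example.com",
    "Access-Control-Allow-Methods": "GET, POST, OPTIONS",
    "Access-Control-Allow-Headers": "Content-Type",
    "Set-Cookie": "session_id_app=constructed-value; HttpOnly",
    "X-Internal-Debug": "constructed",
}
TRUSTED = {"https://app.example.com"}

if __name__ == "__main__":
    print(headers_for_redirect(SAMPLE_RESPONSE_HEADERS,
                               "https://app.example.com", TRUSTED))
    print(headers_for_redirect(SAMPLE_RESPONSE_HEADERS,
                               "https://other.example.net", TRUSTED))
```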